From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 18:22:07 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 13C19594 for ; Tue, 8 Apr 2014 18:22:07 +0000 (UTC) Received: from kazon.borderworlds.dk (kazon.borderworlds.dk [IPv6:2a01:4f8:201:220c::1:1]) by mx1.freebsd.org (Postfix) with ESMTP id CEDB911FC for ; Tue, 8 Apr 2014 18:22:06 +0000 (UTC) Received: from sona.borderworlds.dk (localhost [127.0.0.1]) by kazon.borderworlds.dk (Postfix) with ESMTP id 53C335C4E for ; Tue, 8 Apr 2014 20:21:59 +0200 (CEST) Message-ID: <53443E46.1020902@borderworlds.dk> Date: Tue, 08 Apr 2014 20:21:58 +0200 From: Christian Laursen User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD's heartbleed response References: <20140408181745.F06A2C007AD@frontend1.nyi.mail.srv.osa> In-Reply-To: <20140408181745.F06A2C007AD@frontend1.nyi.mail.srv.osa> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 18:22:07 -0000 On 04/08/14 20:17, Merijn Verstraaten wrote: > Unless I misunderstood earlier emails, the heartbeat extension os ALREADY disabled in base, therefore FreeBSD base isn't vulnerable and the only problem is people who installed a newer OpenSSL from ports. It would be nice, if so@ would send out such a statement to the security-announce list ahead of the actual advisory, so that fewer people will be panicing. -- Christian Laursen